W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

Re: CSP: Minimum cipher strength

From: Frederik Braun <fbraun@mozilla.com>
Date: Tue, 09 Sep 2014 11:03:07 +0200
Message-ID: <540EC24B.4060105@mozilla.com>
To: public-webappsec@w3.org
On 08.09.2014 22:54, Erlend Oftedal wrote:
> Hi
> 
> Reading the chapter this blog
> post http://marc.durdin.net/2014/09/risks-with-third-party-scripts-on-internet-banking-sites/ made
> me think about the problem of using third party scripts where the
> SSL/TLS is poorly configured, and how we could deal with that.

You can reduce the risk of trusting third party scripts with
http://www.w3.org/TR/SRI/ ;-)
Received on Tuesday, 9 September 2014 09:03:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC